<?php
require_once('include/func.class.php');


	$validate = $_POST['validate'];
	$validate = empty($validate) ? '' : strtolower(trim($validate));
	$svali = strtolower(GetCkVdValue());
	if($validate=='' || $validate != $svali){
		ResetVdValue();
		echo '<script type="text/javascript">alert("验证码不正确!");location.href="login.php";</script>';
		exit;
	}
	else{
		if($_POST["usertype"]==1){
		    $username = $_POST['username'];
		    $password =$_POST['password'];
		
		    $row = mysql_fetch_array(mysql_query("select * from admin where username='$username'"));
		    if(!$row || $row['password'] != MD5(MD5($password))){
			    echo '<script type="text/javascript">alert("用户名或密码不正确！");location.href="login.php";</script>';
			    exit;
		    }
		    else{
			    $logintime = time();
			    $_SESSION['admin'] = $username;
			    setcookie('user_id',$row['id']);
			    $_SESSION['lastlogintime'] = $row['logintime'];
			    $_SESSION['lastloginip'] = $row['loginip'];
			    $_SESSION['logintime'] = $logintime;
			    $loginip = gethostbyname($_SERVER['REMOTE_ADDR']);
			    mysql_query("update admin set loginip='$loginip',logintime='$logintime' where username='$username'");
			    echo '<script type="text/javascript">location.href="index.php";</script>';
			    exit;
		    }
		}else{
		    $username = $_POST['username'];
		    $password = $_POST['password'];

		    $row = mysql_fetch_array(mysql_query("select * from member where m_name='$username'"));
	
		    if(!$row || "123456" != $password){
			    echo '<script type="text/javascript">alert("用户名或密码不正确！");location.href="login.php";</script>';
			    exit;
		    }
		    else{
			    $logintime = time();
			    $_SESSION['member'] = $username;
			    $_SESSION['uid']=$row["id"];
			    setcookie('user_id',$row['id']);
			    echo '<script type="text/javascript">location.href="member_buy.php";</script>';
			    exit;
		    }
		}	
	}

?>